Eighty-two new CVEs hit the NVD on March 19, 2026. Thirty-one affect enterprise and web infrastructure. The batch includes unpatched critical flaws (CVSS 9.3 to 9.8) in WooCommerce, BuilderPress, and Profile Builder Pro WordPress plugins.
Critical tier
CVE-2026-27542 (CVSS 9.8) hits Rymera Web Co's WooCommerce Wholesale Lead Capture plugin. All versions through 1.17.8 are affected. An unauthenticated visitor can escalate to administrator through a logic error in role assignment (CWE-269). Once exploited, the attacker creates admin accounts, installs backdoor plugins, exfiltrates WooCommerce order and customer data, and injects payment-skimming code.
CVE-2026-27540 (CVSS 9.0) is an unrestricted file upload in the same Wholesale Lead Capture version range. CVE-2026-27541 (CVSS 7.2) lets shop managers escalate to admin in the related Wholesale Suite plugin. The combined picture points to systemic authorization problems across the product family.
CVE-2026-27065 (CVSS 9.8) is a PHP local file inclusion in ThimPress BuilderPress ≤2.0.1. The plugin passes user-controlled input to PHP include statements without sanitizing path traversal sequences. An unauthenticated attacker can read wp-config.php (database credentials, authentication salts, secret keys) or chain with log poisoning for remote code execution. WP-Firewall published its advisory on March 14. The NVD entry appeared on March 19, leaving a seven-day blind spot for defenders who rely solely on NVD alerts.
CVE-2026-27413 (CVSS 9.3) is a blind SQL injection in Cozmoslabs Profile Builder Pro ≤3.13.9. Researcher 0xd4rk5id3 found the flaw through the Patchstack Bug Bounty Program. Profile Builder Pro manages user registration, login forms, and profile editing. It has over 50,000 active installations according to WordPress.org. An unauthenticated attacker can extract usernames, password hashes, and email addresses. Automated tools like sqlmap handle blind injection through boolean-based or time-based techniques.
The gap between public disclosure and NVD publication (seven days for BuilderPress) means defenders who rely on NVD alone are flying blind. WP-Firewall and Patchstack both published advisories before the NVD caught up.
— Artem Safonov, Threat Analyst at AnonHaven
High tier
CVE-2026-32255 (CVSS 8.6) is an unauthenticated SSRF in Kan, an open-source project management tool, versions ≤0.5.4. The /api/download/attatchment endpoint (the misspelling is in the original code) accepts a user-supplied URL and passes it directly to a server-side fetch() call. An attacker can reach cloud metadata endpoints (169.254.169.254 on AWS, GCP, Azure), internal services, and private network resources. Fixed in Kan 0.5.5.
Kan is the third self-hosted project management tool hit by this pattern in March 2026. Plane (CVE-2026-30242, CVSS 8.5, March 6) and Wekan (CVE-2026-30844) share the same root cause. All three proxy user-supplied URLs during import or attachment handling without validation.
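The destination check all three tools lacked, as an added Go example (not code from Kan, Plane or Wekan): before a server-side fetch, the user-supplied URL is restricted to http/https, the host is resolved once, and any address in loopback, private or link-local space (where the metadata service lives) is refused, including IPv4 targets disguised as IPv4-mapped IPv6. The function names, the blocklist and the sample URLs in main are assumptions constructed for this illustration.

```go
package main

import (
	"context"
	"fmt"
	"net"
	"net/netip"
	"net/url"
)
// Loopback, RFC 1918, link-local (home of 169.254.169.254) and IPv6 equivalents.
var blocked = []string{"127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
	"169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10"}

// IsBlockedAddr unmaps ::ffff:a.b.c.d first so IPv4 cannot hide behind IPv6.
func IsBlockedAddr(a netip.Addr) bool {
	a = a.Unmap()
	for _, s := range blocked {
		if netip.MustParsePrefix(s).Contains(a) {
			return true
		}
	}
	return false
}

// CheckFetchTarget vets a user-supplied URL: http(s) only, host resolved once,
// every resolved address checked. It returns the vetted addresses so the caller
// dials them directly; resolving again at dial time would allow DNS rebinding.
func CheckFetchTarget(ctx context.Context, raw string) ([]netip.Addr, error) {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") {
		return nil, fmt.Errorf("rejected URL %q: bad syntax or scheme (%v)", raw, err)
	}
	addrs, err := net.DefaultResolver.LookupNetIP(ctx, "ip", u.Hostname())
	if err != nil {
		return nil, err
	}
	for i, a := range addrs {
		addrs[i] = a.Unmap()
		if IsBlockedAddr(addrs[i]) {
			return nil, fmt.Errorf("%s resolves to blocked address %s", u.Hostname(), addrs[i])
		}
	}
	return addrs, nil
}

func main() {
	// Constructed sample URLs; 203.0.113.10 is a public documentation-range address.
	for _, raw := range []string{"http://169.254.169.254/latest/meta-data/", "https://203.0.113.10/"} {
		fmt.Println(CheckFetchTarget(context.Background(), raw))
	}
}
```

The first URL is rejected and the second returns the single vetted address, which the caller should pass to the dialer rather than the hostname.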
CVE-2026-4427 (CVSS 7.5) targets pgproto3, the Go PostgreSQL wire protocol library behind the popular pgx driver. A malicious PostgreSQL server can crash any connected application. The DataRow.Decode function fails to validate field lengths, and a negative value triggers a slice bounds panic. Red Hat classified the severity as "Important." Fixed in pgproto3 v2.3.3.
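The check the fix comes down to, as an added Go example that is not pgproto3's code: a DataRow decoder that validates every field length against the remaining buffer before slicing, so a hostile server sending -2 or a length larger than the message gets an error back instead of a panic. The function name and the three message bodies are constructed for this illustration.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)
var errMalformed = errors.New("malformed DataRow: field length negative or past end of message")
// DecodeDataRow parses a DataRow body (the bytes after the 'D' type byte and the
// int32 message length): an int16 column count, then per column an int32 length
// followed by that many bytes. It returns one []byte per column; nil is SQL NULL
// (wire length -1). Any other negative or oversized length is rejected before use.
func DecodeDataRow(src []byte) ([][]byte, error) {
	if len(src) < 2 {
		return nil, errMalformed
	}
	fieldCount, rp := int(binary.BigEndian.Uint16(src)), 2
	values := make([][]byte, 0, fieldCount)
	for i := 0; i < fieldCount; i++ {
		if len(src)-rp < 4 {
			return nil, errMalformed
		}
		fieldLen := int(int32(binary.BigEndian.Uint32(src[rp:])))
		rp += 4
		if fieldLen == -1 {
			values = append(values, nil)
			continue
		}
		if fieldLen < 0 || fieldLen > len(src)-rp {
			return nil, errMalformed // slicing with an unchecked length here is what panics
		}
		values = append(values, src[rp:rp+fieldLen])
		rp += fieldLen
	}
	return values, nil
}

// Constructed message bodies, not captured from a real server.
var (
	goodRow = []byte{0, 2, 0, 0, 0, 3, 'a', 'b', 'c', 0xff, 0xff, 0xff, 0xff} // "abc", NULL
	negRow  = []byte{0, 1, 0xff, 0xff, 0xff, 0xfe}                            // length -2
	longRow = []byte{0, 1, 0, 0, 0, 0x10, 'x', 'y'}                          // claims 16 bytes, has 2
)

func main() {
	for _, body := range [][]byte{goodRow, negRow, longRow} {
		values, err := DecodeDataRow(body)
		fmt.Printf("% x -> %q err=%v\n", body, values, err)
	}
}
```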
Five command injection flaws in OpenClaw, an open-source AI agent framework, affect Windows deployments before version 2026.2.19. CVE-2026-31994 and CVE-2026-22176 (both CVSS 6.9) allow injection through scheduled script creation. CVE-2026-32000 and CVE-2026-31995 (both CVSS 5.8) target extension tool execution and backup mechanisms. CVE-2026-31999 (CVSS 5.8) exploits working directory injection.
A sixth OpenClaw flaw is the most dangerous. CVE-2026-31998 (CVSS 8.3) is an authorization bypass in the Synology Chat channel plugin. When dmPolicy is set to "allowlist" with empty allowedUserIds, the system fails open. Any Synology sender can bypass checks and trigger unauthorized agent dispatch. OpenClaw has accumulated at least 15 security advisories in March 2026 alone, covering authorization bypasses in Slack, Microsoft Teams, Feishu, LINE, and Synology integrations.
An AI agent framework that can dispatch tools and execute system commands should deny access by default. OpenClaw's authorization logic does the opposite: when a policy is misconfigured or empty, access is granted. Fifteen advisories in one month point to a design-level problem, not isolated bugs.
— Artem Safonov, Threat Analyst at AnonHaven
CVE-2026-32743 (CVSS 6.5) is a stack-based buffer overflow in the PX4 drone autopilot, versions ≤1.17.0-rc2. The LogEntry.filepath buffer is 60 bytes, but sscanf parses log file paths with no width specifier. An attacker with MAVLink link access creates deeply nested directories via MAVLink FTP, then requests the log list. The flight controller's MAVLink task crashes, killing telemetry and command capability. PX4 has received five vulnerability disclosures in March 2026, all reachable via MAVLink, which has no built-in authentication or encryption.
Response summary
| Vulnerability | Vendor response | Reader action |
|---|---|---|
| CVE-2026-27542 (WooCommerce Wholesale) | No patch | Deactivate plugin immediately |
| CVE-2026-27065 (BuilderPress) | No patch | Deactivate plugin immediately |
| CVE-2026-27413 (Profile Builder Pro) | No patch | Deactivate or restrict registration |
| CVE-2026-32255 (Kan) | Patched in 0.5.5 | Update Kan |
| CVE-2026-4427 (pgproto3) | Patched in v2.3.3 | Update pgproto3/pgx |
| CVE-2026-31998 (OpenClaw Synology) | Patched in 2026.2.24 | Update, audit empty allowlists |
| CVE-2026-31994 + cluster (OpenClaw) | Patched in 2026.2.19 | Update OpenClaw on Windows |
| CVE-2026-32743 (PX4) | Fixed in commit 616b25a | Update PX4, restrict MAVLink access |
Deactivate the three unpatched WordPress plugins now. Update pgproto3 to v2.3.3. Audit OpenClaw channel plugin configurations for empty allowlists. Drone operators running PX4 should update and restrict MAVLink interface access.